While your teams use Scribe to document and share processes, we want you to know your data is 100% protected. Scribe is not just easy and fast — it’s secure.
In addition to an industry-leading security program, our product has numerous built-in security features to ensure Scribe is used per your organization’s security requirements.
For organizations concerned with PII and PHI, admins can configure automatic redaction for specific categories of sensitive data. This data will be automatically blurred from every user’s screenshots and cannot be overridden.
When creating a Scribe for a sensitive process, a user can configure categories of sensitive data to be automatically redacted out of all screenshots, ensuring the data stays out of your guide and off our servers.
Users who need to blur sensitive data from existing screenshots can use the manual redaction tool. Once blurred, the screenshot cannot be unblurred without the right permissions.
Although our core functionality of automatically creating step-by-step guides doesn't use AI, we do offer supporting features powered by third-party AI services. Enterprise customers can opt out of AI features.
Scribe partners with 3rd party AI providers to provide the fastest, easiest documentation experience. Your data security is our top priority, and we ensure that these partners adhere to the same high standards for protecting your intellectual property.
We do not allow our AI service providers to use your data to train their models. Our AI providers delete any Scribe user data it has processed for the purpose of providing services to you within 30 days. Providers never receive the images in your Scribes.
Our service providers each have an executed data processing agreement with Scribe that binds the vendor to the same or more rigorous security controls that Scribe implements, including data encryption, backups, and retention measures.
For more information on our privacy standards, see our Privacy Policy.
We encrypt all data at rest using AES-256 encryption, ensuring your information is securely stored and protected from unauthorized access.
All data sent to or from our infrastructure is encrypted in transit using industry-standard Transport Layer Security (TLS) 1.2+, keeping your information safe while it's being transmitted. You can see our SSLLabs report here.
Access to encryption keys is strictly controlled and limited to authorized users with a business need, ensuring that your data remains confidential and secure. We leverage a key management vault with key rotation to protect and secure keys.
We use advanced intrusion detection and prevention systems to monitor and protect our environment, quickly identifying and addressing potential threats to keep your data safe. These systems scan for anomalistic or suspicious activity and page alerts to our 24x7 on-call security engineer.
We collect two types of user data.
User content
When a user is signed into the Scribe extension and app, we collect IP address, browser type, machine type, OS type, city-level geolocation, and user ID. This information is shared with subprocessors for troubleshooting, error reporting, product improvement, and user analytics. This data is securely hashed, aggregated, and encrypted by our subprocessors.
User session data
When a user is signed in to the Scribe extension and application, we collect IP address, browser type, machine type, operating system type, city-level geolocation, and user ID. This data is shared with our subprocessors to support troubleshooting, error reporting, product enhancement, and user analytics.
We conduct regular penetration testing to identify and address potential security vulnerabilities, keeping our systems robust against external threats.
Our infrastructure undergoes continuous vulnerability scanning at least monthly alongside continuous automated monitoring to detect and resolve weaknesses, maintaining a secure environment for your data.
All data is encrypted both in transit and at rest using industry-standard AES-256 and TLS 1.2+ protocols, ensuring comprehensive protection of your information.
We keep a detailed inventory of all our production system assets to ensure everything is tracked and managed efficiently, helping us maintain a secure and organized environment. The inventory tracks the status of annual security reviews for assets supporting service delivery.
To ensure a secure workplace, we conduct thorough background checks on all new employees and contractors, including criminal and educational history.
Our employees receive ongoing training in information security at least annually, keeping everyone updated on best practices and the latest security protocols to protect your data.
We use advanced endpoint monitoring tools to monitor and secure all devices connected to our network, ensuring they meet our security standards and protecting against potential threats.
Our offboarding process ensures that when an employee leaves, their access to our systems is promptly and securely revoked, protecting your data and maintaining our security standards.
Scribe’s infrastructure is hosted in SOC 2 Type II and ISO 27001 compliant data centers. Scribe has backup data center regions with failover and restore capabilities to ensure high availability.
We enforce least permissions access control, granting employees the minimal access necessary for their roles. We continuously monitor these permissions to protect your data.
Our development, staging, and production environments are fully segregated to prevent unauthorized access and ensure the integrity of our live systems.
We apply rigorous network and system hardening practices, including disabling unnecessary services, changing defaults, and applying security patches, to reduce vulnerabilities and bolster defenses.
Our web application firewall (WAF) shields against common threats like SQL injection and cross-site scripting, providing an additional layer of protection for our applications.
We are committed to providing the best service and availability. Learn more about our service status here.
Our global Support team works diligently to address any issues quickly. Enterprise customers receive priority support by a dedicated team.
We back up all our critical assets and regularly run backup restores to guarantee fast recovery in case of disaster. Your data is backed up within minutes of transmission to our service. All of our backups are encrypted for data protection and are subject to heightened access control.
We have redundant data center zones in place with failover capabilities to ensure availability of services. Scribe’s RTO is 8 hours and RPO is 24 hours, providing quick restoration of services in the event of an outage and minimal to no data loss. We test our restore capabilities quarterly and consistently exceed our RTO.
We have robust failover and recovery procedures to quickly restore services and minimize downtime, ensuring your business continues to operate smoothly.